Despite of this, I was really interested in M.E.Doc(servers were confiscated by Ukrainian police and website is not operational) role in the initial phase of malware spreading. In my opinion, we have a pretty interesting example of an attack vector, that will be very hard to detect and mitigate. And moreover, it’s once again shows that protected perimeter won’t be a panacea anymore.

M.E.Doc is an Document Circulation System very popular in Ukraine. It makes possible to send reports to the government authorities in electronic form. It can be used in any organization. I can even imagine situation when usage of this kind of software may be even mandatory. Now the researchers [Eset, Dr.Web] say that M.E.Doc servers sent updates with backdoors to the customers.

Meta

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.